diff --git a/.env-sample b/.env-sample
index 2577777..c168072 100644
--- a/.env-sample
+++ b/.env-sample
@@ -12,6 +12,7 @@ DOMAIN=example.com
 HOMESERVER_FQDN=matrix.$DOMAIN
 ELEMENT_WEB_FQDN=element.$DOMAIN
 ELEMENT_CALL_FQDN=call.$DOMAIN
+LIVEKIT_FQDN=livekit.$DOMAIN
 MAS_FQDN=auth.$DOMAIN
 REPORT_STATS=yes
@@ -26,6 +27,8 @@ MAS_CLIENT_ID="0000000000000000000SYNAPSE"
 MAS_EMAIL_FROM='"Matrix Authentication Service" '
 MAS_EMAIL_REPLY_TO='"Matrix Authentication Service" '
+LIVEKIT_NODE_IP=127.0.0.1
+
 COUNTRY=GB
 # as a convenience for creating /etc/hosts
diff --git a/README.md b/README.md
index 653ab00..a0f150c 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ cp "$(mkcert -CAROOT)"/rootCA.pem data/nginx/ssl
 # make an .env to configure your environment
 cp .env-sample .env
-sed -ie s/example.com/$DOMAIN/ .env
+sed -ir s/example.com/$DOMAIN/ .env
 docker compose up
 ```
diff --git a/compose.yml b/compose.yml
index bf18b7b..24312db 100644
--- a/compose.yml
+++ b/compose.yml
@@ -29,7 +29,6 @@ services:
 image: ghcr.io/element-hq/matrix-authentication-service:latest
 volumes:
 - ${VOLUME_PATH}/data/mas:/data:rw
- env_file: .env
 # FIXME: stop this regenerating a spurious default config every time
 # We can't do the same approach as synapse (unless use a debug image of MAS) as MAS is distroless and has no bash.
 command: "config generate -o /data/config.yaml.default"
@@ -78,18 +77,8 @@ services:
 depends_on:
 init:
 condition: service_completed_successfully
- # synapse:
- # condition: service_started
- # synapse-generic-worker-1:
- # condition: service_started
- # synapse-federation-sender-1:
- # condition: service_started
- # matrix-authentication-service:
- # condition: service_started
- # element-web:
- # condition: service_started
- # element-call:
- # condition: service_started
+ synapse:
+ condition: service_started
 # certbot:
 # image: certbot/certbot:latest
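Review bot: `LIVEKIT_NODE_IP=127.0.0.1` is added without any comment saying what the value is for, although every deployment other than a same-host test has to change it. Going by the `--node-ip` flag it is passed to in compose.yml, this is the address LiveKit advertises to WebRTC clients for media, so a loopback value means browsers on any other machine will not receive media even though signalling works. Suggest a comment line above it, in the style of the existing `# as a convenience ...` comment: `# address LiveKit advertises to clients for media; set to the host's reachable IP for anything beyond same-host testing`.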
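Review bot: `sed -ir s/example.com/$DOMAIN/ .env` still does not do what it reads as: GNU sed takes the `r` as the backup suffix of `-i`, so the command runs with basic regex (harmless here) but leaves a stray `.envr` copy of the configuration next to `.env`, exactly as `-ie` left `.enve`. Unintended copies of the deployment configuration are not something to leave in the checkout, and the unescaped `.` plus the unquoted `$DOMAIN` are further traps. Suggest `sed -i "s/example\.com/$DOMAIN/" .env`.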
@@ -129,6 +118,11 @@ services:
 redis:
 image: redis:latest
 restart: unless-stopped
+ # healthcheck:
+ # test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ # interval: 1s
+ # timeout: 3s
+ # retries: 5
 networks:
 - backend
@@ -148,6 +142,8 @@ services:
 secrets:
 - synapse_signing_key
 depends_on:
+ redis:
+ condition: service_started
 postgres:
 condition: service_healthy
 init:
@@ -257,11 +253,14 @@ services:
 init:
 condition: service_completed_successfully
- livekit-server:
+ livekit:
 image: livekit/livekit-server:latest
 restart: unless-stopped
+ volumes:
+ - ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml
+ command: --config /etc/livekit.yaml --node-ip ${LIVEKIT_NODE_IP}
 ports:
- - 7880:7880 # HTTP API
+ # - 7880:7880 # HTTP listener
 - 7881:7881 # WS signalling
 # - 50000-60000:50000-60000/tcp # TCP media
 # - 50000-60000:50000-60000/udp # UDP media
@@ -270,3 +269,5 @@ services:
 depends_on:
 init:
 condition: service_completed_successfully
+ redis:
+ condition: service_started
diff --git a/data-template/element-web/config.json b/data-template/element-web/config.json
index 3628f17..19105d9 100644
--- a/data-template/element-web/config.json
+++ b/data-template/element-web/config.json
@@ -17,7 +17,11 @@
 "default_widget_container_height": 280,
 "default_country_code": "${COUNTRY}",
 "show_labs_settings": false,
- "features": {},
+ "features": {
+ "feature_video_rooms": true,
+ "feature_group_calls": true,
+ "feature_element_call_video_rooms": true
+ },
 "default_federate": true,
 "default_theme": "light",
 "room_directory": {
@@ -27,8 +31,7 @@
 "breadcrumbs": true
 },
 "element_call": {
- "url": "https://${ELEMENT_CALL_FQDN}",
- "brand": "Element Call"
+ "url": "https://${ELEMENT_CALL_FQDN}"
 },
 "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
 }
\ No newline at end of file
diff --git a/data-template/mas/config.yaml b/data-template/mas/config.yaml
index 43e8f10..a4862e3 100644
--- a/data-template/mas/config.yaml
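Review bot: The `redis` healthcheck is added commented out, while the new `depends_on: redis: condition: service_started` entries in the hunks at -148 (the service carrying `synapse_signing_key`, presumably synapse) and -270 (livekit) only wait for the container to exist, not for redis to answer `PING`, so both dependents can still race their first connection. If the block is kept disabled on purpose, a comment above it such as `# disabled: <reason>` would stop the next reader from enabling it blindly; otherwise enabling it and switching both dependents to `condition: service_healthy` gives a deterministic start order, the same way the `postgres` dependency already does.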
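Review bot: The bind mount `- ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml` is read-write although LiveKit only reads it, and the mas mount earlier in this file is explicit about its mode (`:rw`). Judging by the `SECRETS_LIVEKIT_API_KEY` export added to init.sh later in this diff, this file is presumably where the generated API key and secret are templated in, so mounting it `:ro` keeps a compromised SFU container from rewriting its own credentials or configuration: `- ${VOLUME_PATH}/data/livekit/config.yaml:/etc/livekit.yaml:ro`.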
+++ b/data-template/mas/config.yaml
@@ -86,6 +86,9 @@ policy:
 admin_users:
 - admin
+account:
+ password_registration_enabled: false
+
 branding:
 service_name: null
 policy_uri: null
diff --git a/data-template/nginx/conf.d/app.conf b/data-template/nginx/conf.d/app.conf
index f853c51..8ffa4ad 100644
--- a/data-template/nginx/conf.d/app.conf
+++ b/data-template/nginx/conf.d/app.conf
@@ -66,7 +66,7 @@ server {
 include /etc/nginx/conf.d/include/ssl.conf;
 location / {
- proxy_pass http://element-call;
+ proxy_pass http://element-call:8080;
 proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
 }
 }
@@ -84,6 +84,18 @@ server {
 }
 }
+server {
+ server_name ${LIVEKIT_FQDN};
+ server_tokens off;
+
+ include /etc/nginx/conf.d/include/ssl.conf;
+
+ location / {
+ proxy_pass http://livekit:7880;
+ proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+ }
+}
+
 server {
 server_name ${HOMESERVER_FQDN};
 server_tokens off;
@@ -106,21 +118,25 @@ server {
 location ~ ^/_matrix/client/(r0|v3)/sync${DOLLAR} {
 proxy_pass http://synapse-generic-worker-1:8081;
 proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
 }
 location ~ ^/_matrix/client/(api/v1|r0|v3)/events${DOLLAR} {
 proxy_pass http://synapse-generic-worker-1:8081;
 proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
 }
 location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync${DOLLAR} {
 proxy_pass http://synapse-generic-worker-1:8081;
 proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
 }
 location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync${DOLLAR} {
 proxy_pass http://synapse-generic-worker-1:8081;
 proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr;
+ proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
 }
 location / {
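Review bot: The new `server_name ${LIVEKIT_FQDN}` block proxies to `http://livekit:7880` with only `X-Forwarded-For` set, and LiveKit's 7880 listener is where clients open their WebSocket signalling connection, which nginx will not upgrade unless told to. Unless `ssl.conf` or an `http`-level include outside this diff already does it, the `location /` needs `proxy_http_version 1.1;`, `proxy_set_header Upgrade ${DOLLAR}http_upgrade;` and `proxy_set_header Connection "upgrade";`. For consistency with the synapse locations changed in the hunk at -106 it should also forward `X-Forwarded-Proto`, so the backend can tell it was reached over TLS.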
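Review bot: `proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;` is added to the four worker locations, but the main `location / {` that begins on the hunk's last line continues outside the hunk, so it is not visible whether the route that carries most client traffic gets the same header; Synapse also only honours forwarded headers on a listener configured with `x_forwarded: true`, which is outside this diff too. A split where some routes report `https` and others do not is the kind of inconsistency that is hard to debug later, so either add the header to `location /` as well or move it together with `X-Forwarded-For` into a shared include so the individual `location` blocks cannot drift.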
diff --git a/data-template/nginx/www/.well-known/matrix/client b/data-template/nginx/www/.well-known/matrix/client
index 88a5b04..9d32a7c 100644
--- a/data-template/nginx/www/.well-known/matrix/client
+++ b/data-template/nginx/www/.well-known/matrix/client
@@ -12,7 +12,7 @@
 "org.matrix.msc4143.rtc_foci": [
 {
 "type": "livekit",
- "livekit_service_url": "https://${ELEMENT_CALL_FQDN}"
+ "livekit_service_url": "https://${LIVEKIT_FQDN}"
 }
 ]
 }
diff --git a/init/init.sh b/init/init.sh
index 77e103f..e7c6d93 100755
--- a/init/init.sh
+++ b/init/init.sh
@@ -42,6 +42,16 @@ then
 head -c16 /dev/urandom | base64 | tr -d '=' > /secrets/postgres/postgres_password
 fi
+mkdir -p /secrets/livekit
+if [[ ! -f /secrets/livekit/livekit_api_key ]]
+then
+ (echo -n API; (head -c8 /dev/urandom | base64)) | tr -d '=' > /secrets/livekit/livekit_api_key
+fi
+if [[ ! -f /secrets/livekit/livekit_secret_key ]]
+then
+ head -c28 /dev/urandom | base64 | tr -d '=' > /secrets/livekit/livekit_secret_key
+fi
+
 # TODO: compare the default generated config with our templates to see if our templates are stale
 # we'd have to strip out the secrets from the generated configs to be able to diff them sensibly
@@ -78,6 +88,12 @@ export DOLLAR='$' # evil hack to escape dollars in config files
 template "/data-template/mas"
 )
+(
+ export SECRETS_LIVEKIT_API_KEY=$(
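Review bot: `livekit_service_url` now points at `https://${LIVEKIT_FQDN}`, and the nginx change in this diff proxies that hostname straight to the LiveKit SFU on port 7880. In the MSC4143 / Element Call flow this URL is expected to reach the LiveKit JWT service, the component that checks the Matrix user via OpenID and then issues a LiveKit token from `/sfu/get`, rather than the SFU itself; if nothing of that kind sits in front of `livekit:7880` here, Element Call's token requests will fail, and if one is planned it should be what this FQDN resolves to. Since JSON allows no comments, a sentence in the README stating which component this URL must reach would keep the next person from pointing it at the SFU again.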
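Review bot: The two files written under `/secrets/livekit` are created with whatever umask the init container inherits, so unless that is already restrictive the LiveKit secret key, a signing credential, ends up group- or world-readable. Wrapping each write in a subshell with a restrictive umask keeps the change local, e.g. `(umask 077; head -c28 /dev/urandom | base64 | tr -d '=' > /secrets/livekit/livekit_secret_key)`, with the same treatment for the API key line and the `mkdir -p`. The postgres password above follows the identical pattern, so a single `umask 077` at the top of the secret-generation section would cover all three, provided the config templating further down does not depend on the default file mode.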